Although the current Linux firewall facilities are very useful,
there are still some weaknesses and missing features.
Therefore, possible areas for improvement in future Linux
versions might be:
- Adding support for true transparent application-level proxying, by allowing sessions to be redirected to local proxy servers.
- Further modularization of the firewall and masquerading code.
- Keeping some kind of state information, at least to detect related fragments.
- A graphical user interface for configuring the firewall and accounting rules, acting as a front-end to ipfwadm.
- Adding one or more new policies for refusing a packet.

Given this, there is a good chance that Linux will soon be able to
compete with the more advanced commercial firewall solutions
on the market.

Note that this paper is based on Linux 1.3.88 and ipfwadm 2.0,
describing the situation in April 1996.
A revision of this paper for Linux 2.0.x and ipfwadm 2.3.0 is planned,
but not yet available.

Copyright © 1996 by X/OS Experts in Open Systems BV.
All rights reserved.